9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.268 Low
EPSS
Percentile
96.7%
CentOS Errata and Security Advisory CESA-2017:0794
The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector.
Security Fix(es):
A stack-based buffer overflow flaw was found in the way Quagga handled IPv6 router advertisement messages. A remote attacker could use this flaw to crash the zebra daemon resulting in denial of service. (CVE-2016-1245)
A stack-based buffer overflow flaw was found in the way the Quagga BGP routing daemon (bgpd) handled Labeled-VPN SAFI routes data. A remote attacker could use this flaw to crash the bgpd daemon resulting in denial of service. (CVE-2016-2342)
A denial of service flaw was found in the Quagga BGP routing daemon (bgpd). Under certain circumstances, a remote attacker could send a crafted packet to crash the bgpd daemon resulting in denial of service. (CVE-2016-4049)
A denial of service flaw affecting various daemons in Quagga was found. A remote attacker could use this flaw to cause the various Quagga daemons, which expose their telnet interface, to crash. (CVE-2017-5495)
A stack-based buffer overflow flaw was found in the way the Quagga OSPFD daemon handled LSA (link-state advertisement) packets. A remote attacker could use this flaw to crash the ospfd daemon resulting in denial of service. (CVE-2013-2236)
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2017-March/030187.html
Affected packages:
quagga
quagga-contrib
quagga-devel
Upstream details at:
https://access.redhat.com/errata/RHSA-2017:0794
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | i686 | quagga | <Â 0.99.15-14.el6 | quagga-0.99.15-14.el6.i686.rpm |
CentOS | 6 | i686 | quagga-contrib | <Â 0.99.15-14.el6 | quagga-contrib-0.99.15-14.el6.i686.rpm |
CentOS | 6 | i686 | quagga-devel | <Â 0.99.15-14.el6 | quagga-devel-0.99.15-14.el6.i686.rpm |
CentOS | 6 | x86_64 | quagga | <Â 0.99.15-14.el6 | quagga-0.99.15-14.el6.x86_64.rpm |
CentOS | 6 | x86_64 | quagga-contrib | <Â 0.99.15-14.el6 | quagga-contrib-0.99.15-14.el6.x86_64.rpm |
CentOS | 6 | i686 | quagga-devel | <Â 0.99.15-14.el6 | quagga-devel-0.99.15-14.el6.i686.rpm |
CentOS | 6 | x86_64 | quagga-devel | <Â 0.99.15-14.el6 | quagga-devel-0.99.15-14.el6.x86_64.rpm |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.268 Low
EPSS
Percentile
96.7%